Commit dc82b1a5 authored Oct 28, 2024 by Diogo Jahchan Koike Committed by Long Li Oct 28, 2024

ntfs3: Change to non-blocking allocation in ntfs_d_hash

mainline inclusion
from mainline-v6.10-rc2
commit 589996bf8c459deb5bbc9747d8f1c51658608103
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRDE
CVE: CVE-2024-50065

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=589996bf8c459deb5bbc9747d8f1c51658608103



--------------------------------

d_hash is done while under "rcu-walk" and should not sleep.
__get_name() allocates using GFP_KERNEL, having the possibility
to sleep when under memory pressure. Change the allocation to
GFP_NOWAIT.

Reported-by:  <syzbot+7f71f79bbfb4427b00e1@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=7f71f79bbfb4427b00e1


Fixes: d392e85fd1e8 ("fs/ntfs3: Fix the format of the "nocase" mount option")
Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Long Li <leo.lilong@huawei.com>

parent 9d0af12b

fs/ntfs3/namei.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -501,7 +501,7 @@ static int ntfs_d_hash(const struct dentry dentry, struct qstr name)
		/*
		* Try slow way with current upcase table
		*/
		uni = __getname();
		uni = kmem_cache_alloc(names_cachep, GFP_NOWAIT);
		if (!uni)
		return -ENOMEM;

		@@ -523,7 +523,7 @@ static int ntfs_d_hash(const struct dentry dentry, struct qstr name)
		err = 0;

		out:
		__putname(uni);
		kmem_cache_free(names_cachep, uni);
		return err;
		}